Hi,
I'm following the document in Note 1837331 about setting up Kerberos for SSO with Active Directory.
When setting up the krb5.conf file, I'm having trouble getting it to find the KDCs without explicitly specifying them in the file.
The document states that if the records are in DNS (and they are), then you don't need a [realms] section where you manually specify the KDC location, but I can't get this to work. If I do specify a [realms] section and put a kdc line in there, it works perfectly, but I'd like to utilise DNS, as the system I'm configuring has 12 domain controllers and I don't want to manually specify each one and manually change each system each time a DC is added or removed!
I've run a tcpdump session looking for DNS queries, and when running kinit I don't see any attempts at DNS lookups. It just fails with the output below.
Password for USER@UK.EXAMPLE.COM:
com.ibm.security.krb5.KrbException, status code: 60
message: Cannot find KDC for realm UK.EXAMPLE.COM
at com.ibm.security.krb5.p.send(p.java:45)
at com.ibm.security.krb5.KrbAsReq.send(KrbAsReq.java:176)
at com.ibm.security.krb5.p.send(p.java:59)
at com.ibm.security.krb5.KrbAsReq.send(KrbAsReq.java:130)
at com.ibm.security.krb5.internal.tools.Kinit.a(Kinit.java:128)
at com.ibm.security.krb5.internal.tools.Kinit.<init>(Kinit.java:66)
at com.ibm.security.krb5.internal.tools.Kinit.main(Kinit.java:12)
com.ibm.security.krb5.KrbException, status code: 60
message: Cannot find KDC for realm UK.EXAMPLE.COM
Has anyone made this work?
Kind Regards
Chris